Hi Glen, Thanks for the review. I've incorporated most of the suggestions into a new revision. I have a question for you below.
<snip> > Same section, last paragraph, says: > > Since EAP authentication occurs before network access is > granted the > tunnel method SHOULD enable an inner exchange to provide > support for > minimal password management tasks including password > change, "new PIN > mode", and "next token mode" required by some systems. > > "New token mode" and "new PIN mode" refer to the proprietary > SecureID system > from RSA. I don't know why we should be giving RSA free > advertising ;-), > nor why their system deserves explicit mention. Suggestion: > > CHANGE: > change, "new PIN mode", and "next token mode" required by > some systems. > TO > change and other "housekeeping" functions required by some systems. > > This might also be a good place to mention that certain data > related to > authorization may need to be communicated to the peer; it is > forbidden to do > this in an EAP Success message, but there is no such > constraint (yet) upon > the TLS tunnel. > [Joe] I think this information would go in section 3.8 Extensibility. Do you have specific text that you think should go there. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu